[Ksummit-discuss] [CORE TOPIC] Device error handling / reporting / isolation
David Woodhouse
dwmw2 at infradead.org
Fri May 9 19:44:37 UTC 2014
> I'm interested in a related topic: we should systematically use IOMMUs
> and similar hardware features to protect against buggy or *malicious*
> hardware devices. Consider a laptop with an ExpressCard port: plug in a
> device and you have full PCIe access. (The same goes for other systems
> if you open up the case.) We should ensure that devices with no device
> driver have zero privileges, and devices with a device driver have
> carefully whitelisted privileges.
That is precisely what we do by default when an IOMMU is enabled.
--
dwmw2
More information about the Ksummit-discuss
mailing list